Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.TENABLE_OT_SIEMENS_CVE-2022-46354.NASL
HistoryAug 03, 2023 - 12:00 a.m.

Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2022-46354)

2023-08-0300:00:00
This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
siemens
scalance x-200rna
vulnerability
cve-2022-46354
improper access control
webserver
security headers
remote attacker
confidential session information
tenable.ot
tenable ot
scanner

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(501594);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/04");

  script_cve_id("CVE-2022-46354");

  script_name(english:"Siemens SCALANCE X-200RNA Switch Devices Improper Access Control (CVE-2022-46354)");

  script_set_attribute(attribute:"synopsis", value:
"The remote OT asset is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"A vulnerability has been identified in SCALANCE X204RNA (HSR) (All
versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7),
SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA
EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All
versions < V3.2.7). The webserver of an affected device is missing
specific security headers. This could allow an remote attacker to
extract confidential session information under certain circumstances.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.");
  script_set_attribute(attribute:"see_also", value:"https://cert-portal.siemens.com/productcert/pdf/ssa-363821.pdf");
  script_set_attribute(attribute:"see_also", value:"https://www.cisa.gov/news-events/ics-advisories/icsa-22-349-02");
  script_set_attribute(attribute:"solution", value:
"The following text was originally created by the Cybersecurity and Infrastructure Security Agency (CISA). The original
can be found at CISA.gov.

Siemens released updates for the affected products and recommends updating to the latest versions:

- Update to V3.2.7 or later version

Siemens identified the following specific workarounds and mitigations users can apply to reduce risk:

- Restrict access to affected systems, especially to ports 22/TCP, 80/TCP, 443/TCP, and 161/UDP to only trusted IP
addresses.
- Disable the simple network management protocol (SNMP) service if not required and if the product supports disabling.
- Deactivate the webserver if not required and if the product supports deactivation.

As a general security measure, Siemens recommends protecting network access to devices with appropriate mechanisms. To
operate the devices in a protected IT environment, Siemens recommends configuring the environment according to Siemens'
operational guidelines for industrial security and following the recommendations in the product manuals.

Additional information on industrial security by Siemens can be found on the Siemens Industrial Security webpage. 

For further inquiries on security vulnerabilities in Siemens products, users should contact Siemens ProductCERT.

For more information, see the associated Siemens security advisory SSA-363821 in HTML and CSAF.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-46354");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/12/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/03");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5204-0ba00-2kb2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5204-0ba00-2mb2_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5204-0bs00-2na3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5204-0bs00-3la3_firmware");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:siemens:6gk5204-0bs00-3pa3_firmware");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tenable.ot");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("tenable_ot_api_integration.nasl");
  script_require_keys("Tenable.ot/Siemens");

  exit(0);
}


include('tenable_ot_cve_funcs.inc');

get_kb_item_or_exit('Tenable.ot/Siemens');

var asset = tenable_ot::assets::get(vendor:'Siemens');

var vuln_cpes = {
    "cpe:/o:siemens:6gk5204-0ba00-2mb2_firmware" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:6gk5204-0ba00-2kb2_firmware" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:6gk5204-0bs00-2na3_firmware" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:6gk5204-0bs00-3la3_firmware" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200"},
    "cpe:/o:siemens:6gk5204-0bs00-3pa3_firmware" :
        {"versionEndExcluding" : "3.2.7", "family" : "SCALANCEX200"}
};

tenable_ot::cve::compare_and_report(asset:asset, cpes:vuln_cpes, severity:SECURITY_WARNING);

Related

prion 1
cve 1
cvelist 1
cnvd 1
nvd 1
ics 1
prion
prion
Information disclosure
2022-12-13 16:15:00
cve
cve
CVE-2022-46354
2022-12-13 16:15:25
cvelist
cvelist
CVE-2022-46354
2022-12-13 00:00:00
cnvd
cnvd
Siemens SCALANCE X-200RNA Switch Devices Improper Access Control Vulnerability
2022-12-14 00:00:00
nvd
nvd
CVE-2022-46354
2022-12-13 16:15:25
ics
ics
Siemens SCALANCE X-200RNA Switch Devices
2022-12-15 12:00:00

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON
Related for TENABLE_OT_SIEMENS_CVE-2022-46354.NASL
prion1cve1cvelist1cnvd1nvd1ics1